[Samba] fail-over, redundancy, bdc, multi-dc-domain

Andrew Bartlett abartlet at samba.org
Mon Jan 28 07:41:09 MST 2013

On Tue, 2013-01-22 at 10:53 -0800, Gregory Sloop wrote:
> I'm aware of, at least generally, how one would have done a
> BDC/Redundant server under OpenLDAP Samba3.
> However, rolling your own multi-domain-controller was fairly daunting
> [for me] under Samba3 / OpenLDAP.
> I've been very interested in Samba4 for the more integrated nature of
> having LDAP/DNS/Samba all under one roof. [i.e. Fewer places where I
> can screw it up horribly.]

Most of our users find that Samba 4.0 'just works' for them as an AD DC,
even replicating to a second DC. 

> However I'm also interested in how one can handle fail-over. I don't
> need something totally seamless and "big-iron" style. A backup box
> that would need some manual intervention would be fine.

Just replicating to a second DC should be fine.  You will need to
manually replicate the sysvol share, but that shouldn't be hard.

> So, something like an rsync'd backup box where the shared
> files/accounts/etc are perhaps an hour out of date, and that would
> require 15 minutes to bring up as a primary would be an acceptable
> solution.

I would not recommend just rsyncing anything, except the sysvol files.
The reason is that rsync will not get a consistent snapshot of the
databases.  Joining a second DC will be much more seamless. 

> That's not to say I wouldn't want something better, but that's kind of
> the low end of the "acceptable" scale.
> I've done some searches on the list and spent a while looking for
> "examples" but I don't easily find any. [Using searches with: samba4 bdc,
> redundant, backup, etc. There are a ton of very old articles on the
> list, but almost nothing I could find specifically on Samba4.]
> Could some kind soul point me either to:
> 1) Search terms more likely to produce results, or some discussion threads or
> 2) wiki/how-to's on how to accomplish something in the neighborhood on this subject?

The main HOWTO contains information on joining to an existing domain.
That is what you need to do on your second DC.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
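
The procedure described in the reply above (join the second DC, copy only sysvol with rsync, leave the databases to AD replication), sketched as an added example; it is not part of the original message or of Samba's own documentation. The domain name, host and paths passed in are placeholders, and with DRY_RUN=1 (the default) the commands are only printed.

```shell
#!/bin/sh
# Added example: function names, hosts and paths are hypothetical.
# DRY_RUN=1 (default) prints each command instead of running it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    # Print the command in dry-run mode, otherwise execute it.
    if [ "$DRY_RUN" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# Succeeds only if the directory holds no Samba database files
# (*.ldb, *.tdb). Those are what rsync cannot copy as a consistent
# snapshot; they reach the second DC through the join and replication.
has_no_databases() {
    [ -d "$1" ] || return 2
    [ -z "$(find "$1" -type f \( -name '*.ldb' -o -name '*.tdb' \) -print | head -n 1)" ]
}

# Step 1 (on the second DC): join the existing domain as a DC.
join_second_dc() {
    # $1 = DNS domain name (placeholder), $2 = domain admin account
    run samba-tool domain join "$1" DC -U "$2"
}

# Step 2 (on the first DC): push sysvol to the second DC.
# -a archive, -X extended attributes, -A ACLs; run as root so the
# NT ACLs Samba stores in xattrs are readable.
sync_sysvol() {
    # $1 = local sysvol directory, $2 = rsync destination (host:path)
    if ! has_no_databases "$1"; then
        echo "refusing: $1 is missing or contains .ldb/.tdb files" >&2
        return 1
    fi
    run rsync -aXA --delete "$1/" "$2/"
}

# Step 3 (on either DC): confirm directory replication is working.
check_replication() {
    run samba-tool drs showrepl
}
```

The guard in `sync_sysvol` is there so the rsync job cannot be pointed at Samba's private database directory by mistake.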
